Josh Bicking 5 anni fa
parent
commit
63d1919913

+ 8 - 0
ansible.cfg

@@ -2,11 +2,19 @@
 # ===============================================
 
 [defaults]
+inventory	= ./hosts
+
+host_key_checking=False
 
 [inventory]
 
 [privilege_escalation]
 
+become=True
+become_method=sudo
+become_user=root
+become_ask_pass=False
+
 [paramiko_connection]
 
 [ssh_connection]
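Review bot: `host_key_checking=False` in `[defaults]` turns off SSH host key verification for every connection this config is used with, so a host answering for `web` or `nas` with a different key is accepted silently and receives the become/sudo session; with only three fixed internal hosts there is little reason to give that up permanently. Keep the check enabled and pre-populate the controller's `known_hosts` with the three hosts' public keys; if bootstrap of a freshly cloud-init'ed machine needs it off, set `ANSIBLE_HOST_KEY_CHECKING=False` on that one invocation rather than in the committed config, and add a comment above the line saying why if it must stay. Minor: `inventory	= ./hosts` uses a tab and spaces around `=` while the other added keys use none; pick one form for the file.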

+ 8 - 8
hosts

@@ -1,8 +1,8 @@
-[web]
-web-internal ansible_ssh_private_key_file=~/.ssh/internal_ed25519
-
-[nas]
-nas-internal ansible_ssh_private_key_file=~/.ssh/internal_ed25519
-
-[orcha]
-localhost ansible_connection=local
+all:
+  hosts:
+    web:
+      ansible_ssh_private_key_file: ~/.ssh/internal_ed25519
+    nas:
+      ansible_ssh_private_key_file: ~/.ssh/internal_ed25519
+    orcha:
+      ansible_connection: local
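Review bot: The new inventory names the targets `web` and `nas`, dropping the `-internal` suffix the old entries carried, so Ansible will now try to connect to hosts literally named `web` and `nas`; unless those names resolve through DNS or an ssh-config alias, each entry needs an `ansible_host:` with the real address (presumably the old `*-internal` names or the 172.20.69.x addresses used elsewhere in this commit). Both SSH hosts use the same `ansible_ssh_private_key_file`, so it can move to a single `all: vars:` block instead of being repeated per host.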

+ 8 - 4
playbook.yml

@@ -7,11 +7,15 @@
   roles:
     - orcha
 
-- hosts: web
-  roles:
-    - web
-
 - hosts: nas
   roles:
     - nas
+  vars:
+    user: josh
+
+- hosts: web
+  roles:
+    - web
+  vars:
+    user: josh
 
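Review bot: `vars: user: josh` is now declared twice, once under each play, and anything that later needs it for `orcha` will have to copy it a third time; put it in the inventory (`all: vars: user: josh`) or `group_vars/all.yml` so the plays carry only `hosts` and `roles`. The reordering that puts `nas` before `web` looks deliberate — the web role in this commit mounts an NFS export that the nas role creates — so record that dependency above the `nas` play with `# nas must run before web: web mounts the export nas creates`, otherwise the next reorder will break the first run.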

+ 19 - 7
roles/basic/tasks/main.yml

@@ -1,8 +1,20 @@
 ---
-- name: Remove localhost hostname definition
-  lineinfile:
-    path: /etc/hosts
-    # hostnamectl doesn't update the hostname in this entry, so we can't 
-    # match against {{ ansible_facts['nodename'] }}.
-    regexp: "^127\\.0\\.1\\.1[ \\t]+"
-    state: absent
+- name: Ensure QEMU tools is installed
+  apt:
+    name: qemu-guest-agent
+    state: present
+    update_cache: yes
+
+- name: Ensure rsync is installed
+  apt:
+    name: rsync
+    state: present
+
+# Cloudinit sets this now, no need to remove it.
+# - name: Remove localhost hostname definition
+#   lineinfile:
+#     path: /etc/hosts
+#     # hostnamectl doesn't update the hostname in this entry, so we can't 
+#     # match against {{ ansible_facts['nodename'] }}.
+#     regexp: "^127\\.0\\.1\\.1[ \\t]+"
+#     state: absent
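Review bot: `update_cache: yes` on the QEMU task parses as a boolean only under YAML 1.1 rules; write `update_cache: true`, and the same for the identical key in roles/nas and roles/web (L123, L201, L222, L252) and `append: yes` (L233). Running `update_cache` on every play also refreshes apt each time this role runs; adding `cache_valid_time: 3600` keeps the task idempotent in practice. The commented-out lineinfile task can be dropped entirely — the one-line comment above it already records why it went, and git keeps the old task.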

+ 29 - 0
roles/nas/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: Create mountable dir
+  file:
+    path: /nfs
+    state: directory
+    mode: u=rwx,g=r,o=r
+    owner: '{{ user }}'
+    group: '{{ user }}'
+
+- name: Ensure NFS utilities are installed.
+  apt:
+    name: '{{ packages }}'
+    state: present
+    update_cache: yes
+  vars:
+    packages:
+      - nfs-common
+      - nfs-kernel-server
+
+- name: copy /etc/exports
+  template:
+    src: templates/nas/etc/exports.j2
+    dest: /etc/exports
+    owner: root
+    group: root
+
+- name: restart nfs server
+  service:
+    name: nfs-kernel-server
+    state: restarted
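Review bot: `restart nfs server` uses `state: restarted` as an ordinary task, so the NFS server is bounced on every play, including runs where `/etc/exports` did not change, and any client with the export mounted sees a stale handle each time. Make it a handler: move the task into `roles/nas/handlers/main.yml` and add `notify: restart nfs server` to the `copy /etc/exports` template task. Two smaller points in the same file: the `template` task sets owner and group but no `mode:`, so `/etc/exports` keeps whatever umask the connection has (`mode: "0644"` makes it explicit), and `mode: u=rwx,g=r,o=r` on `/nfs` gives group and others read without the traverse bit, which denies them entry to the directory — if non-owner access is intended this is probably meant to be `u=rwx,g=rx,o=rx`. The file also lacks the `---` header the sibling role task files use.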

+ 22 - 20
roles/orcha/tasks/main.yml

@@ -1,24 +1,26 @@
 ---
-- name: Install dnsmasq
-  apt:
-   name: dnsmasq
-   state: present
-   update_cache: yes
 
-- name: Write dnsmasq config
-  template:
-    src: templates/orcha/etc/dnsmasq.conf
-    dest: /etc/dnsmasq.conf
-    owner: root
-    group: root
-    mode: u=rw,g=r,o=r
-
-- name: Start & enable dnsmasq service
-  service:
-    name: dnsmasq
-    state: started
-    enabled: yes
-    daemon_reload: yes
+# dnsmasq installer: currently using pihole for DNS/DHCP, so this is disabled
+# - name: Install dnsmasq
+#   apt:
+#    name: dnsmasq
+#    state: present
+#    update_cache: yes
+#
+# - name: Write dnsmasq config
+#   template:
+#     src: templates/orcha/etc/dnsmasq.conf
+#     dest: /etc/dnsmasq.conf
+#     owner: root
+#     group: root
+#     mode: u=rw,g=r,o=r
+#
+# - name: Start & enable dnsmasq service
+#   service:
+#     name: dnsmasq
+#     state: started
+#     enabled: yes
+#     daemon_reload: yes
 
 # - name: Set default route to outward-facing NIC
-#   command: ip route add default via 
+#   command: ip route add default via

+ 73 - 0
roles/web/tasks/main.yml

@@ -0,0 +1,73 @@
+---
+- name: Install apt-add-repository
+  apt:
+    name: '{{ packages }}'
+    state: present
+    update_cache: yes
+  vars:
+    packages:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - gnupg2
+      - software-properties-common
+
+- name: Add Docker's GPG key
+  shell: curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
+  args:
+    warn: False  # Piping
+
+- name: Add Docker's apt repository
+  shell: add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
+
+- name: Install Docker
+  apt:
+    name: '{{ packages }}'
+    state: present
+    update_cache: yes
+  vars:
+    packages:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+
+- name: Add '{{ user }}' to docker group
+  user:
+    name: '{{ user }}'
+    groups: docker
+    append: yes
+
+- name: Install docker-compose
+  shell: curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
+  args:
+    warn: False  # Calls to uname
+
+- name: Copy compose config
+  copy:
+    src: templates/web/compose
+    dest: '/home/{{ user }}'
+    owner: '{{ user }}'
+    group: '{{ user }}'
+    mode: "600"
+
+- name: Install NFS common
+  apt:
+    name: nfs-common
+    state: present
+    update_cache: yes
+
+- name: Create mountable dir
+  file:
+    path: /nfs
+    state: directory
+    mode: u=rwx,g=r,o=r
+    owner: '{{ user }}'
+    group: '{{ user }}'
+
+- name: set mountpoints
+  mount:
+    name: /nfs
+    src: 172.20.69.1:/nfs
+    fstype: nfs
+    state: mounted
+
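Review bot: The Docker signing key (L211) and the docker-compose binary (L236) are installed without verifying what was fetched: `curl | apt-key add -` trusts whatever key the TLS endpoint returns, and the compose download is made executable in `/usr/local/bin` with no checksum, so any tampering between GitHub/Docker's CDN and this host lands as a root-trusted package source and a root-run binary. Both `shell` tasks also re-run on every play, unlike the surrounding `apt` tasks, and `add-apt-repository` on L216 has the same problem. Pin the key by fingerprint with the `apt_key` module, fetch compose with `get_url` plus `checksum:`, and use `apt_repository` for the repo line; the fingerprint and digest in the sketch below are placeholders to be filled from the vendor's published values, not real ones.
```yaml
- name: Add Docker's GPG key
  apt_key:
    url: https://download.docker.com/linux/debian/gpg
    id: <DOCKER_GPG_KEY_FINGERPRINT>  # placeholder: pin to the fingerprint Docker publishes
    state: present

- name: Add Docker's apt repository
  apt_repository:
    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    state: present

# … unchanged: Install Docker, docker group membership …

- name: Install docker-compose
  get_url:
    url: "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
    dest: /usr/local/bin/docker-compose
    mode: "0755"
    checksum: "sha256:<EXPECTED_SHA256>"  # placeholder: take from the release's checksum file

# … unchanged: compose config copy, NFS client install, mount …
```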

+ 11 - 0
templates/nas/etc/exports.j2

@@ -0,0 +1,11 @@
+# /etc/exports: the access control list for filesystems which may be exported
+#               to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#
+/nfs            172.20.69.1/30(rw,sync,no_root_squash,no_subtree_check)
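Review bot: `no_root_squash` on the `/nfs` export lets root on any client in `172.20.69.1/30` read and write the export as root on the server, and the client in this commit is the `web` host that runs Docker, so a root-level compromise there extends directly onto the NAS data. Keep the default `root_squash` unless a specific workload needs root on the mount, and if one does, name it in a comment above the line, e.g. `# no_root_squash needed by <workload> on web — see roles/web`. The file is a `.j2` template but contains no Jinja; the client subnet duplicates the address hard-coded in roles/web's mount task, so a single role variable would keep the two in step.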

+ 11 - 0
templates/web/compose/.env.example

@@ -0,0 +1,11 @@
+# Locations
+MEDIA_DIR=/Media
+CONTAINERS_DIR=/data
+
+# Secrets
+POSTGRES_USER=pg
+POSTGRES_PASSWORD=password
+MARIADB_USER=maria
+MARIADB_PASSWORD=password
[email protected]
+SMTP_PASS=password